Kind of, in that embedding anything from a site you can’t trust is inherently risky, but I’d say it’s not actually that bad, for two reasons:
- iframes are much better sandboxed than they once were, and are much safer now than their reputation suggests
- you probably wouldn’t be embedding from any old instance; I assume you could embed from an instance you use and trust as long as the post is federated to it
Now, that’s what I call journalism!